author | Tom Rini <trini@konsulko.com> | 2018-05-16 13:37:54 -0400 |
---|---|---|
committer | Jia Zhang <zhang.jia@linux.alibaba.com> | 2018-05-17 20:36:23 +0800 |
commit | c804f2591498d5d400e12340346e6b190623ddc6 (patch) | |
tree | 9be53d19d5cdff6f1c63af0c701b117ac7514d00 | |
parent | b7b42cdec7b20be00ea2c344189f5924951d3037 (diff) | |
download | meta-secure-core-c804f2591498d5d400e12340346e6b190623ddc6.tar.gz |
meta-signing-key: Rename "extra trusted" to "secondary"
The way that the create-user-key-store.sh script creates what it has
been calling "extra_system_trusted_key" is really what would be
considered a "secondary" trusted key as it is signed by the primary key
that we create. To make this clearer, as there are other cases for an
"extra trusted system key" that are not this key, update the variables,
package names, etc, to reflect "secondary" not "extra system".
Requested-by: Jia Zhang <zhang.jia@linux.alibaba.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
-rw-r--r-- | meta-signing-key/classes/user-key-store.bbclass | 28 | ||||
-rw-r--r-- | meta-signing-key/conf/layer.conf | 6 | ||||
-rw-r--r-- | meta-signing-key/files/secondary_trusted_keys/secondary_trusted_key.crt (renamed from meta-signing-key/files/extra_system_trusted_keys/extra_system_trusted_key.crt) | 0 | ||||
-rw-r--r-- | meta-signing-key/files/secondary_trusted_keys/secondary_trusted_key.key (renamed from meta-signing-key/files/extra_system_trusted_keys/extra_system_trusted_key.key) | 0 | ||||
-rw-r--r-- | meta-signing-key/recipes-support/key-store/key-store_0.1.bb | 32 | ||||
-rwxr-xr-x | meta-signing-key/scripts/create-user-key-store.sh | 12 |
6 files changed, 39 insertions, 39 deletions
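--- a/meta-signing-key/classes/user-key-store.bbclass
+++ b/meta-signing-key/classes/user-key-store.bbclass
@@ -12,7 +12,7 @@ MOK_SB = '${@bb.utils.contains("DISTRO_FEATURES", "efi-secure-boot", "1", "0", d
 MODSIGN = '${@bb.utils.contains("DISTRO_FEATURES", "modsign", "1", "0", d)}'
 IMA = '${@bb.utils.contains("DISTRO_FEATURES", "ima", "1", "0", d)}'
 SYSTEM_TRUSTED = '${@"1" if d.getVar("IMA", True) or d.getVar("MODSIGN", True) else "0"}'
-EXTRA_SYSTEM_TRUSTED = '${@"1" if d.getVar("SYSTEM_TRUSTED", True) else "0"}'
+SECONDARY_TRUSTED = '${@"1" if d.getVar("SYSTEM_TRUSTED", True) else "0"}'
 RPM = '1'
 
 def vprint(str, d):
@@ -26,9 +26,9 @@ def uks_system_trusted_keys_dir(d):
 set_keys_dir('SYSTEM_TRUSTED', d)
 return d.getVar('SYSTEM_TRUSTED_KEYS_DIR', True) + '/'
 
-def uks_extra_system_trusted_keys_dir(d):
-set_keys_dir('EXTRA_SYSTEM_TRUSTED', d)
-return d.getVar('EXTRA_SYSTEM_TRUSTED_KEYS_DIR', True) + '/'
+def uks_secondary_trusted_keys_dir(d):
+set_keys_dir('SECONDARY_TRUSTED', d)
+return d.getVar('SECONDARY_TRUSTED_KEYS_DIR', True) + '/'
 
 def uks_modsign_keys_dir(d):
 set_keys_dir('MODSIGN', d)
@@ -173,10 +173,10 @@ def check_system_trusted_keys(d):
 vprint("%s.crt is unavailable" % _, d)
 return False
 
-def check_extra_system_trusted_keys(d):
-dir = uks_extra_system_trusted_keys_dir(d)
+def check_secondary_trusted_keys(d):
+dir = uks_secondary_trusted_keys_dir(d)
 
-_ = 'extra_system_trusted_key'
+_ = 'secondary_trusted_key'
 if not os.path.exists(dir + _ + '.key'):
 vprint("%s.key is unavailable" % _, d)
 return False
@@ -379,13 +379,13 @@ deploy_system_trusted_keys() {
 fi
 }
 
-deploy_extra_system_trusted_keys() {
-local deploy_dir="${DEPLOY_KEYS_DIR}/extra_system_trusted_keys"
+deploy_secondary_trusted_keys() {
+local deploy_dir="${DEPLOY_KEYS_DIR}/secondary_trusted_keys"
 
-if [ x"${EXTRA_SYSTEM_TRUSTED_KEYS_DIR}" != x"$deploy_dir" ]; then
+if [ x"${SECONDARY_TRUSTED_KEYS_DIR}" != x"$deploy_dir" ]; then
 install -d "$deploy_dir"
 
-cp -af "${EXTRA_SYSTEM_TRUSTED_KEYS_DIR}"/* "$deploy_dir"
+cp -af "${SECONDARY_TRUSTED_KEYS_DIR}"/* "$deploy_dir"
 fi
 }
 
@@ -413,8 +413,8 @@ def sanity_check_user_keys(name, may_exit, d):
 _ = check_ima_user_keys(d)
 elif name == 'SYSTEM_TRUSTED':
 _ = check_system_trusted_keys(d)
-elif name == 'EXTRA_SYSTEM_TRUSTED':
-_ = check_extra_system_trusted_keys(d)
+elif name == 'SECONDARY_TRUSTED':
+_ = check_secondary_trusted_keys(d)
 elif name == 'MODSIGN':
 _ = check_modsign_keys(d)
 elif name == 'RPM':
@@ -440,7 +440,7 @@ def set_keys_dir(name, d):
 d.setVar(name + '_KEYS_DIR', d.getVar('DEPLOY_DIR_IMAGE', True) + '/user-keys/' + name.lower() + '_keys')
 
 python check_deploy_keys() {
-for _ in ('UEFI_SB', 'MOK_SB', 'IMA', 'SYSTEM_TRUSTED', 'EXTRA_SYSTEM_TRUSTED', 'MODSIGN', 'RPM'):
+for _ in ('UEFI_SB', 'MOK_SB', 'IMA', 'SYSTEM_TRUSTED', 'SECONDARY_TRUSTED', 'MODSIGN', 'RPM'):
 if d.getVar(_, True) != "1":
 continue
 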
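Review bot: The renamed `SECONDARY_TRUSTED` assignment in the first hunk still tests the truthiness of a string, so it evaluates to "1" whatever the configuration is. `IMA` and `MODSIGN` are set to the strings "1" or "0" on the lines just above, and both strings are truthy in Python, so `SYSTEM_TRUSTED` and therefore `SECONDARY_TRUSTED` always come out as "1" and the `!= "1"` skip in `check_deploy_keys` never fires for them. Since the line is being touched anyway, compare explicitly: `SECONDARY_TRUSTED = '${@"1" if d.getVar("SYSTEM_TRUSTED", True) == "1" else "0"}'`, with the same `== "1"` comparison applied to the two `getVar` calls on the `SYSTEM_TRUSTED` line. That changes which key sets get checked for builds without IMA or modsign, so it is worth confirming nothing relies on the always-on value.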
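--- a/meta-signing-key/conf/layer.conf
+++ b/meta-signing-key/conf/layer.conf
@@ -17,7 +17,7 @@ SIGNING_MODEL ??= "sample"
 SAMPLE_MOK_SB_KEYS_DIR = "${LAYERDIR}/files/mok_sb_keys"
 SAMPLE_UEFI_SB_KEYS_DIR = "${LAYERDIR}/files/uefi_sb_keys"
 SAMPLE_SYSTEM_TRUSTED_KEYS_DIR = "${LAYERDIR}/files/system_trusted_keys"
-SAMPLE_EXTRA_SYSTEM_TRUSTED_KEYS_DIR = "${LAYERDIR}/files/extra_system_trusted_keys"
+SAMPLE_SECONDARY_TRUSTED_KEYS_DIR = "${LAYERDIR}/files/secondary_trusted_keys"
 SAMPLE_MODSIGN_KEYS_DIR = "${LAYERDIR}/files/modsign_keys"
 SAMPLE_IMA_KEYS_DIR = "${LAYERDIR}/files/ima_keys"
 SAMPLE_RPM_KEYS_DIR = "${LAYERDIR}/files/rpm_keys"
@@ -33,7 +33,7 @@ EV_CERT ??= "${LAYERDIR}/files/mok_sb_keys/wosign_ev_cert.crt"
 MOK_SB_KEYS_DIR ??= "${SAMPLE_MOK_SB_KEYS_DIR}"
 UEFI_SB_KEYS_DIR ??= "${SAMPLE_UEFI_SB_KEYS_DIR}"
 SYSTEM_TRUSTED_KEYS_DIR ??= "${SAMPLE_SYSTEM_TRUSTED_KEYS_DIR}"
-EXTRA_SYSTEM_TRUSTED_KEYS_DIR ??= "${SAMPLE_EXTRA_SYSTEM_TRUSTED_KEYS_DIR}"
+SECONDARY_TRUSTED_KEYS_DIR ??= "${SAMPLE_SECONDARY_TRUSTED_KEYS_DIR}"
 MODSIGN_KEYS_DIR ??= "${SAMPLE_MODSIGN_KEYS_DIR}"
 IMA_KEYS_DIR ??= "${SAMPLE_IMA_KEYS_DIR}"
 RPM_KEYS_DIR ??= "${SAMPLE_RPM_KEYS_DIR}"
@@ -50,7 +50,7 @@ RPM_GPG_PASSPHRASE ?= "SecureCore"
 
 BB_HASHBASE_WHITELIST_append += "\
 SYSTEM_TRUSTED_KEYS_DIR \
-EXTRA_SYSTEM_TRUSTED_KEYS_DIR \
+SECONDARY_TRUSTED_KEYS_DIR \
 MODSIGN_KEYS_DIR \
 IMA_KEYS_DIR \
 RPM_KEYS_DIR \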
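Review bot: Nothing on the new side reads `EXTRA_SYSTEM_TRUSTED_KEYS_DIR` any more, so a build configuration that still sets the old name would fall through to the `??=` default on new line 36, which points at `SAMPLE_SECONDARY_TRUSTED_KEYS_DIR`, the sample key pair shipped in this layer under `files/secondary_trusted_keys`. Whether that default is what finally gets used depends on the signing model and on `set_keys_dir` in user-key-store.bbclass, whose body is outside the hunks shown, but a silent switch from a site's own key to a published sample private key is worth guarding against. I would keep a transition fallback, something like `SECONDARY_TRUSTED_KEYS_DIR ??= "${@d.getVar('EXTRA_SYSTEM_TRUSTED_KEYS_DIR', True) or d.getVar('SAMPLE_SECONDARY_TRUSTED_KEYS_DIR', True)}"`, or have the key sanity check stop the build when the old variable is set. The same applies to anything outside this layer that lists the old name in `BB_HASHBASE_WHITELIST`.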
diff --git a/meta-signing-key/files/extra_system_trusted_keys/extra_system_trusted_key.crt b/meta-signing-key/files/secondary_trusted_keys/secondary_trusted_key.crt index b7c3493..b7c3493 100644 --- a/meta-signing-key/files/extra_system_trusted_keys/extra_system_trusted_key.crt +++ b/meta-signing-key/files/secondary_trusted_keys/secondary_trusted_key.crt | |||
diff --git a/meta-signing-key/files/extra_system_trusted_keys/extra_system_trusted_key.key b/meta-signing-key/files/secondary_trusted_keys/secondary_trusted_key.key index 0bf56cf..0bf56cf 100644 --- a/meta-signing-key/files/extra_system_trusted_keys/extra_system_trusted_key.key +++ b/meta-signing-key/files/secondary_trusted_keys/secondary_trusted_key.key | |||
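--- a/meta-signing-key/recipes-support/key-store/key-store_0.1.bb
+++ b/meta-signing-key/recipes-support/key-store/key-store_0.1.bb
@@ -17,8 +17,8 @@ RPM_KEY_DIR = "${sysconfdir}/pki/rpm-gpg"
 # For ${PN}-system-trusted-privkey
 SYSTEM_PRIV_KEY = "${KEY_DIR}/system_trusted_key.key"
 
-# For ${PN}-extra-system-trusted-privkey
-EXTRA_SYSTEM_PRIV_KEY = "${KEY_DIR}/extra_system_trusted_key.key"
+# For ${PN}-secondary-trusted-privkey
+SECONDARY_TRUSTED_PRIV_KEY = "${KEY_DIR}/secondary_trusted_key.key"
 
 # For ${PN}-modsign-privkey
 MODSIGN_PRIV_KEY = "${KEY_DIR}/modsign_key.key"
@@ -29,8 +29,8 @@ IMA_PRIV_KEY = "${KEY_DIR}/privkey_evm.crt"
 # For ${PN}-system-trusted-cert
 SYSTEM_CERT = "${KEY_DIR}/system_trusted_key.crt"
 
-# For ${PN}-extra-system-trusted-cert
-EXTRA_SYSTEM_CERT = "${KEY_DIR}/extra_system_trusted_key.crt"
+# For ${PN}-secondary-trusted-cert
+SECONDARY_TRUSTED_CERT = "${KEY_DIR}/secondary_trusted_key.crt"
 
 # For ${PN}-modsign-cert
 MODSIGN_CERT = "${KEY_DIR}/modsign_key.crt"
@@ -47,10 +47,10 @@ python () {
 d.setVar('FILES_' + pn, d.getVar('SYSTEM_PRIV_KEY', True))
 d.setVar('CONFFILES_' + pn, d.getVar('SYSTEM_PRIV_KEY', True))
 
-pn = d.getVar('PN', True) + '-extra-system-trusted-privkey'
+pn = d.getVar('PN', True) + '-secondary-trusted-privkey'
 d.setVar('PACKAGES_prepend', pn + ' ')
-d.setVar('FILES_' + pn, d.getVar('EXTRA_SYSTEM_PRIV_KEY', True))
-d.setVar('CONFFILES_' + pn, d.getVar('EXTRA_SYSTEM_PRIV_KEY', True))
+d.setVar('FILES_' + pn, d.getVar('SECONDARY_TRUSTED_PRIV_KEY', True))
+d.setVar('CONFFILES_' + pn, d.getVar('SECONDARY_TRUSTED_PRIV_KEY', True))
 
 pn = d.getVar('PN', True) + '-modsign-privkey'
 d.setVar('PACKAGES_prepend', pn + ' ')
@@ -96,13 +96,13 @@ do_install() {
 install -m 0400 "$key_dir/system_trusted_key.key" "${D}${SYSTEM_PRIV_KEY}"
 fi
 
-key_dir="${@uks_extra_system_trusted_keys_dir(d)}"
-install -m 0644 "$key_dir/extra_system_trusted_key.crt" \
-"${D}${EXTRA_SYSTEM_CERT}"
+key_dir="${@uks_secondary_trusted_keys_dir(d)}"
+install -m 0644 "$key_dir/secondary_trusted_key.crt" \
+"${D}${SECONDARY_TRUSTED_CERT}"
 
 if [ "${@uks_signing_model(d)}" = "sample" -o "${@uks_signing_model(d)}" = "user" ]; then
-install -m 0400 "$key_dir/extra_system_trusted_key.key" \
-"${D}${EXTRA_SYSTEM_PRIV_KEY}"
+install -m 0400 "$key_dir/secondary_trusted_key.key" \
+"${D}${SECONDARY_TRUSTED_PRIV_KEY}"
 fi
 
 key_dir="${@uks_modsign_keys_dir(d)}"
@@ -150,7 +150,7 @@ pkg_postinst_${PN}-rpm-pubkey() {
 
 PACKAGES = "\
 ${PN}-system-trusted-cert \
-${PN}-extra-system-trusted-cert \
+${PN}-secondary-trusted-cert \
 ${PN}-modsign-cert \
 ${PN}-ima-cert \
 "
@@ -158,7 +158,7 @@ PACKAGES = "\
 # Note any private key is not available if user key signing model used.
 PACKAGES_DYNAMIC = "\
 ${PN}-system-trusted-privkey \
-${PN}-extra-system-trusted-privkey \
+${PN}-secondary-trusted-privkey \
 ${PN}-modsign-privkey \
 ${PN}-ima-privkey \
 ${PN}-rpm-pubkey \
@@ -167,8 +167,8 @@ PACKAGES_DYNAMIC = "\
 FILES_${PN}-system-trusted-cert = "${SYSTEM_CERT}"
 CONFFILES_${PN}-system-trusted-cert = "${SYSTEM_CERT}"
 
-FILES_${PN}-extra-system-trusted-cert = "${EXTRA_SYSTEM_CERT}"
-CONFFILES_${PN}-extra-system-trusted-cert = "${EXTRA_SYSTEM_CERT}"
+FILES_${PN}-secondary-trusted-cert = "${SECONDARY_TRUSTED_CERT}"
+CONFFILES_${PN}-secondary-trusted-cert = "${SECONDARY_TRUSTED_CERT}"
 
 FILES_${PN}-modsign-cert = "${MODSIGN_CERT}"
 CONFFILES_${PN}-modsign-cert = "${MODSIGN_CERT}"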
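--- a/meta-signing-key/scripts/create-user-key-store.sh
+++ b/meta-signing-key/scripts/create-user-key-store.sh
@@ -98,7 +98,7 @@ SYSTEM_KEYS_DIR="$KEYS_DIR/system_trusted_keys"
 IMA_KEYS_DIR="$KEYS_DIR/ima_keys"
 RPM_KEYS_DIR="$KEYS_DIR/rpm_keys"
 MODSIGN_KEYS_DIR="$KEYS_DIR/modsign_keys"
-EXTRA_SYSTEM_KEYS_DIR="$KEYS_DIR/extra_system_trusted_keys"
+SECONDARY_TRUSTED_KEYS_DIR="$KEYS_DIR/secondary_trusted_keys"
 
 pem2der() {
 local src="$1"
@@ -201,12 +201,12 @@ create_modsign_user_key() {
 "/CN=MODSIGN Certificate/"
 }
 
-create_extra_system_user_key() {
-local key_dir="$EXTRA_SYSTEM_KEYS_DIR"
+create_secondary_user_key() {
+local key_dir="$SECONDARY_TRUSTED_KEYS_DIR"
 
 [ ! -d "$key_dir" ] && mkdir -p "$key_dir"
 
-ca_sign "$key_dir" extra_system_trusted_key "$SYSTEM_KEYS_DIR" system_trusted_key \
+ca_sign "$key_dir" secondary_trusted_key "$SYSTEM_KEYS_DIR" system_trusted_key \
 "/CN=Extra System Trusted Certificate/"
 }
 
@@ -297,8 +297,8 @@ create_user_keys() {
 echo "Creating the user key for system"
 create_system_user_key
 
-echo "Creating the user key for system extra"
-create_extra_system_user_key
+echo "Creating the user key for system secondary trust"
+create_secondary_user_key
 
 echo "Creating the user key for modsign"
 create_modsign_user_key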
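Review bot: The subject passed to `ca_sign` in `create_secondary_user_key` (second hunk, new line 210) is still `"/CN=Extra System Trusted Certificate/"`, so newly generated secondary keys keep the name this commit is retiring. Anyone auditing a keyring or certificate chain will see "Extra System Trusted" where the variables, paths and packages all say "secondary", which makes it harder to tell which key signed what. If the subject is not matched anywhere else, change it to `"/CN=Secondary Trusted Certificate/"`; if it must stay for compatibility with already-issued certificates, say so in a comment such as `# CN kept as "Extra System Trusted" to match existing certificates`. The sample certificate is renamed with unchanged content (index b7c3493..b7c3493), so it presumably carries the old subject too.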